diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index a17dde9276..39d7ab523a 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -139,7 +139,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
     This middleware should be used in conjunction with the {% csrf_token %}
     template tag.
     """
-    @cached_property
+    @property
     def csrf_trusted_origins_hosts(self):
         return [
             urlparse(origin).netloc.lstrip('*')
@@ -153,7 +153,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
             if '*' not in origin
         }
 
-    @cached_property
+    @property
     def allowed_origin_subdomains(self):
         """
         A mapping of allowed schemes to list of allowed netlocs, where all
@@ -298,7 +298,10 @@ class CsrfViewMiddleware(MiddlewareMixin):
                 if referer is None:
                     return self._reject(request, REASON_NO_REFERER)
 
-                referer = urlparse(referer)
+                try:
+                    referer = urlparse(referer)
+                except ValueError:
+                    return self._reject(request, REASON_MALFORMED_REFERER)
 
                 # Make sure we have a valid URL for Referer.
                 if '' in (referer.scheme, referer.netloc):
